Generate SAML11 Secure and Non-Secure Touch Projects

Last modified by Microchip on 2023/11/10 11:19

Contents 

 

Introduction

The ATSAML11 is an Arm® Cortex®-M23 based MCU featuring Arm TrustZone® technology which provides additional security features. SAML11 flash can be partitioned as secure vs non-secure. The touch library can reside in either the secure flash area or the non-secure flash area. Even if the touch library has to reside and run from a non-secure flash area, the device still needs to boot up in the secure flash area and then the program execution will jump into a non-secure flash area.

SAM L11 Projects classification concerning the security features is provided below.

  1. Non-Secure Project - By default, a SAM L11 project created in START comes without the TrustZone Manager middleware and it is considered a non-secure project. To import a non-secure project to the IDE, a secure linker script, a library, and a header file needs to be added.
  2. Secure Project - Add the TrustZone Manager middleware in START to convert a non-secure project to a secure project and then configure the TrustZone settings.

Objective

The following lab shows you how to create ATSAML11 QTouch® secure and non-secure projects in START, and import them into Atmel Studio. This project is generated for the ATSAML11 Xplained Pro along with the QT7 Xplained Pro Extension Kit.

Note: Atmel® Studio in now Microchip Studio for AVR® and SAM Devices

Back to Top

Materials

Hardware Tools

Software Tools

Back to Top

Procedure

Open the CREATE NEW PROJECT wizard in Atmel START

Go to http://start.atmel.com and click on the CREATE NEW PROJECT button.

Screenshot of the start.atmel.com site with Create New Project Button highlighted

Select the device and middleware and create the project
Start typing saml11e in the Filter on device… box.
Select 'ATSAML11E16A'
Add the QTouch middleware.
Add the TrustZone Manager middleware for a Secure Project. Do not add the TrustZone middleware for Non-Secure Project.
Click on CREATE NEW PROJECT.

Selecting device and libraries in the Create New Project window

Additional secure elements such as trustzone_veneer.h, linker file, and libsecure_gateway_veneer.lib are to be linked from the secure project during non-secure project import to Atmel Studio.

Configure TrustZone settings

After project creation, the project dashboard will open as follows. Click on TRUSTZONE_MANAGER_0 to configure the TrustZone settings.

Project Dashboard view with TrustZone_Manager_0 highlighted

Configure the TrustZone Manager settings as shown in the figure below.

Top half of TrustZone Manager window with correct Settings for project

The SERCOM1 fuse has to be checked in the TrustZone settings to configure PA18 and PA19 as touch lines. In addition, secure and non-secure stacks and other peripherals are to be configured either as secure or non-secure depending on your application.

TrustZone Manager Settings for Sercom1 and Secure and Non-Secure Stacks

Add and configure button and slider sensors to the project

Refer to the link below to add buttons, slider sensors, configure the driven shield, debug pins, and generate the project from START as per the SAML11E16 and QT7 design files:

Refer to the following SAML11E16 Xplained Pro EXT1 header and QT7 Xplained Pro documents for connection details.

Based on the design files, the Y lines should be selected as follows:

Pin assignments for SAML11E16

Click here for guidelines to create sensors and generate project.

Back to Top

Working with the Atmel Start QTouch SAML11 TrustZone Example Project

SAML11 Non-Secure Project Import and Creation in Atmel Studio

Download the 'QTouch SAM L11 Trustzone Settings Example Project'
  • Go to http://start.atmel.com  and click on the 'BROWSE EXAMPLES' button.
  • Type "saml11" in the Search box and select 'QTouch-SAML11-Trustzone-Project' from the list.
  • Click on 'DOWNLOAD SELECTED EXAMPLE'.

Atmel Start Browse Examples Window showing search for SAML11 TrustZone Project

Note: You can set the peripherals needed for a Non-Secure project as non-secure in this step. All you have to do is select the 'QTouch SAM L11 Trustzone Project', click 'OPEN SELECTED EXAMPLE' in START and change the settings in the TrustZone Manager before downloading the example project.

Open Atmel Studio and import the QTouch SAML11 TrustZone Project

Import Project Window in Studio

Setup the Peripherals

The peripherals needed for a Non-Secure QTouch project can also be configured as non-secure by setting them as 1 in the trustzone_config.h file in the QTouch SAML11 Trustzone Project after downloading it. The list of the peripherals to be configured as non-secure for a QTouch project is given below. Other peripherals can also be configured in the trustzone_config.h file as needed in your application.

  • PTC
  • RTC
  • PORT
  • SERCOM used for UART (Data Visualizer Interface)
  • SERCOM1 (Linked with XY14 (PA18) and XY15 (PA19)

Screenshot of trustzone_config.h file in Studio

Build the project and keep it aside

Screenshot of Project in Studio

Import the SAM L11 Non-Secure QTouch Project (without TrustZone) generated from START to the QTouch SAM L11 TrustZone solution.
From the Studio menu bar, click on File->Import->Atmel Start Project.

Screenshot of Studio showing how to import project from the Menu Bar: File->Import->Atmel Start Project

Browse for the Veneer Header File, libsecure_gateway_veneer.lib, and Non-Secure Project Linker Script from the created QTouch SAM L11 TrustZone Project and click OK.

Import Atmel Start Project window in Studio

Now the Secure and Non-Secure Projects are in a single solution as shown below.

Screenshot of Studio showing Secure and Non-Secure Projects

Build the L11-Non-Secure project and keep it aside.

Now both projects have been created and built.

Back to Top

SAML11 Non-Secure Project Device Programming for Debug

Set the StartUp Project

Right-click on the 'L11_Non-Secure_QT7 project' and choose 'Set as StartUp Project'.

Screenshot of Solutions Explorer while setting 'L11_Non-Secure_QT7 project' as StartUp Project

Add the TrustZone Project

Add the Secure QTouch SAML11 TrustZone Project generated elf file under Additional modules in the Non-Secure_QT7 project's 'Advanced Properties'.

Adding the Secure QTouch SAML11 TrustZone Project generated elf file in the Additional Modules box

Note: The QTouch SAML11 TrustZone Settings Project must be compiled if any modifications are made in trustzone_config.h after adding the elf file.

Erase the Device

Choose 'Chip erase All (CE2)' from the L11_Non-Secure_QT7 Tool Program settings.

Choose 'Chip erase All (CE2)' from the L11_Non-Secure_QT7 Tool Program settings

Start Debugging

Click either the Start Debugging and Break or the Start Debugging buttons to flash the code and start debugging. Open the Data Visualizer, browse the scripts, and connect it to see the touch status.

Studio Toolbar with "Start Debug and Break" and "Start Debug" buttons highlighted

Note: Here both secure and non-secure codes are flashed to the device in a single shot.

Back to Top

Programming the Project in Release Mode

Erase Secure Memory and Program Secure Code
  • Uncheck the 'Erase Flash before programming' option.
  • Choose the 'Chip Erase Secure (CE1)' option and erase the device by clicking the Erase now button.
  • Browse for the QTouch SAML11 TrustZone Project generated hex file and click the Program button.

Screenshot of Programming Tool showing Secure Chip Erase option

Erase Non-Secure Memory and Program Non-Secure Code
  • Uncheck the 'Erase Flash before programming' option.
  • Choose the 'Chip Erase Nonsecure (CE0)' option and erase the device by clicking the Erase now button.
  • Browse for the L11_Non-Secure_QT7 project-generated hex file and click the Program button.

Screenshot of Programming Tool showing nonsecure Chip Erase option

Read the Fuse Settings of the Device

Screenshot of Programming Tool with Fuse values read from part

Program Fuses

Program the 'USER_WORD_2' to 'USER_WORD_6' fuses with the settings shown below:

Screenshot of Programming Tool with Fuses set to correct values for the project

Now the device is ready with the QTouch code. Open the Data Visualizer, browse the scripts, and connect it to see the touch status.

Note: These fuse settings apply only to this QTouch project with its required peripherals. These settings may vary if additional peripherals/other configurations are added.

Back to Top

SAM L11 Secure Project Import and Creation in Atmel Studio

Open Atmel Studio and now import the SAM L11 Secure QTouch Project (with TrustZone) generated from START.
Atmel Studio will not ask for any additional files while importing a secure project and the project will be created as usual in a standard procedure.

Now TrustZone is part of the QTouch project itself as marked below.

Screenshot of Studio showing TrustZone has been added to QTouch Project

You can debug or program the Secure QTouch project-generated hex file to the SAML11 as usual in a standard procedure.

Note: 'USER_WORD_6.NONSECC_SERCOM1' fuse has to be checked (ticked) in the fuse settings after flashing the hex file to the device in program mode to enable XY14 (PA18) and XY15 (PA19) as touchlines.

Back to Top

Results

SAML11 Secure and Non-Secure projects were generated from START, created projects by importing to Atmel Studio and programmed successfully.

Back to Top